Steps A Small Business Can Take To Protect Customers Data And Comply With The Law

Sep 2, 2014 by

Jeff Warren

We live in an age of information technology, and never before have businesses stored so much customer data. One could argue that never before has that data been as vulnerable to theft as it is today, because of the internet and system technology.

After many examples of data theft and abuse, business owners realise that they must take steps to protect the information they hold. Indeed, new laws mean they have a duty to do so, or face crippling fines if they fail. They must also report any suspected theft or data leaks to the relevant authorities so that enquiries can begin.

But what can a small business, say a retail establishment, do to protect the data it holds? Here are some vital steps you must take and a few optional suggestions you might like to consider. There is more information on government websites about the laws in your country.


Business computers are a weak link in data protection, particularly in a small business where there is not an expert, dedicated team focusing on the subject. Those who wish to harvest information will often try to do so by hacking into the machines and downloading the information they seek. There are several ways to protect the information stored on a computer or local network; here are a few examples.

  • Apply all the latest operating system updates. Hackers will target the operating system first, and the software giants are in a constant battle to stay one step ahead of them.

  • Activate the firewall. Most operating systems come with a firewall to block remote access to a computer. There are many aftermarket products available that might offer a higher level of security. Undertake some detailed research into this vital component.

  • Connect the machines on the network with cables and disable the wireless function. Hackers have high-tech methods of connecting to your equipment wirelessly.

  • Set permissions on the machines so that junior members of staff cannot access data they do not need in their job.

  • Set passwords for all users and change them regularly.

Credit Card Data

It is necessary, in the UK, to become Payment Card Industry Data Security Standard compliant if you are to receive payment by debit or credit card. In order to comply, you must complete a questionnaire and a telephone line test to make sure your system is secure. The best way for a small shop to accept payments is via a standalone point of sale terminal that is not connected to their computers. That way, you do not store any sensitive numbers. You must destroy your copy of the paper transaction receipts that have information on them because there is no reason to keep them after cashing up at the end of the day.

Portable Storage

You must never carry sensitive data around on disks, memory cards, or flash cards unless you encrypt it. There are many applications on the market that will do the job well.


Hackers will try to discover your passwords. If you use the same one for many things, they will have access to much of your personal and business information. Try never to use the same one twice. That way, if they crack it, they will only have limited access.

I think you will agree that many of the steps you can take are common sense. They should be included in the business policy and reviewed. Failure to follow them can prove costly.
